Biblio

Filters: Keyword is Concurrency  [Clear All Filters]
2021-06-01
Alfandi, Omar, Otoum, Safa, Jararweh, Yaser.  2020.  Blockchain Solution for IoT-based Critical Infrastructures: Byzantine Fault Tolerance. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1—4.
Providing an acceptable level of security for Internet of Things (IoT)-based critical infrastructures, such as the connected vehicles, considers as an open research issue. Nowadays, blockchain overcomes a wide range of network limitations. In the context of IoT and blockchain, Byzantine Fault Tolerance (BFT)-based consensus protocol, that elects a set of authenticated devices/nodes within the network, considers as a solution for achieving the desired energy efficiency over the other consensus protocols. In BFT, the elected devices are responsible for ensuring the data blocks' integrity and preventing the concurrently appended blocks that might contain some malicious data. In this paper, we evaluate the fault-tolerance with different network settings, i.e., the number of connected vehicles. We verify and validate the proposed model with MATLAB/Simulink package simulations. The results show that our proposed hybrid scenario performed over the non-hybrid scenario taking throughput and latency in the consideration as the evaluated metrics.
Abhinav, P Y, Bhat, Avakash, Joseph, Christina Terese, Chandrasekaran, K.  2020.  Concurrency Analysis of Go and Java. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1—6.
There has been tremendous progress in the past few decades towards developing applications that receive data and send data concurrently. In such a day and age, there is a requirement for a language that can perform optimally in such environments. Currently, the two most popular languages in that respect are Go and Java. In this paper, we look to analyze the concurrency features of Go and Java through a complete programming language performance analysis, looking at their compile time, run time, binary sizes and the language's unique concurrency features. This is done by experimenting with the two languages using the matrix multiplication and PageRank algorithms. To the extent of our knowledge, this is the first work which used PageRank algorithm to analyse concurrency. Considering the results of this paper, application developers and researchers can hypothesize on an appropriate language to use for their concurrent programming activity.Results of this paper show that Go performs better for fewer number of computation but is soon taken over by Java as the number of computations drastically increase. This trend is shown to be the opposite when thread creation and management is considered where Java performs better with fewer computation but Go does better later on. Regarding concurrency features both Java with its Executor Service library and Go had their own advantages that made them better for specific applications.
Junchao, CHEN, Baorong, ZHAI, Yibing, DONG, Tao, WU, Kai, YOU.  2020.  Design Of TT C Resource Automatic Scheduling Interface Middleware With High Concurrency and Security. 2020 International Conference on Information Science, Parallel and Distributed Systems (ISPDS). :171—176.
In order to significantly improve the reliable interaction and fast processing when TT&C(Tracking, Telemetry and Command) Resource Scheduling and Management System (TRSMS) communicate with external systems which are diverse, multiple directional and high concurrent, this paper designs and implements a highly concurrent and secure middleware for TT&C Resource Automatic Scheduling Interface (TRASI). The middleware designs memory pool, data pool, thread pool and task pool to improve the efficiency of concurrent processing, uses the rule dictionary, communication handshake and wait retransmission mechanism to ensure the data interaction security and reliability. This middleware can effectively meet the requirements of TRASI for data exchange with external users and system, significantly improve the data processing speed and efficiency, and promote the information technology and automation level of Aerospace TT&C Network Management Center (TNMC).
Reijsbergen, Daniël, Anh Dinh, Tien Tuan.  2020.  On Exploiting Transaction Concurrency To Speed Up Blockchains. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :1044—1054.
Consensus protocols are currently the bottlenecks that prevent blockchain systems from scaling. However, we argue that transaction execution is also important to the performance and security of blockchains. In other words, there are ample opportunities to speed up and further secure blockchains by reducing the cost of transaction execution. Our goal is to understand how much we can speed up blockchains by exploiting transaction concurrency available in blockchain workloads. To this end, we first analyze historical data of seven major public blockchains, namely Bitcoin, Bitcoin Cash, Litecoin, Dogecoin, Ethereum, Ethereum Classic, and Zilliqa. We consider two metrics for concurrency, namely the single-transaction conflict rate per block, and the group conflict rate per block. We find that there is more concurrency in UTXO-based blockchains than in account-based ones, although the amount of concurrency in the former is lower than expected. Another interesting finding is that some blockchains with larger blocks have more concurrency than blockchains with smaller blocks. Next, we propose an analytical model for estimating the transaction execution speed-up given an amount of concurrency. Using results from our empirical analysis, the model estimates that 6× speed-ups in Ethereum can be achieved if all available concurrency is exploited.
Englund, Håkan, Lindskog, Niklas.  2020.  Secure acceleration on cloud-based FPGAs – FPGA enclaves. 2020 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW). :119—122.
FPGAs are becoming a common sight in cloud environments and new usage paradigms, such as FPGA-as-a-Service, have emerged. This development poses a challenge to traditional FPGA security models, as these are assuming trust between the user and the hardware owner. Currently, the user cannot keep bitstream nor data protected from the hardware owner in an FPGA-as-a-service setting. This paper proposes a security model where the chip manufacturer takes the role of root-of-trust to remedy these security problems. We suggest that the chip manufacturer creates a Public Key Infrastructure (PKI), used for user bitstream protection and data encryption, on each device. The chip manufacturer, rather than the hardware owner, also controls certain security-related peripherals. This allows the user to take control over a predefined part of the programmable logic and set up a protected enclave area. Hence, all user data can be provided in encrypted form and only be revealed inside the enclave area. In addition, our model enables secure and concurrent multi-tenant usage of remote FPGAs. To also consider the needs of the hardware owner, our solution includes bitstream certification and affirming that uploaded bitstreams have been vetted against maliciousness.
Chen, Zhanhao, Cao, Yinzhi.  2020.  JSKernel: Fortifying JavaScript against Web Concurrency Attacks via a Kernel-Like Structure. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :64—75.
As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites.
2021-02-23
Krohmer, D., Schotten, H. D..  2020.  Decentralized Identifier Distribution for Moving Target Defense and Beyond. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values with a significant reduction of collision probability. The distribution is inspired by Unique Universal Identifiers and Timestamp-based Concurrency Control algorithms originating from database applications. We defined fundamental requirements for the distribution, including: uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes and overall compliance to common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for a domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications where identifier distributions in networks have to be decentralized, rapid and secure.

2021-06-01
Xu, Meng, Kashyap, Sanidhya, Zhao, Hanqing, Kim, Taesoo.  2020.  Krace: Data Race Fuzzing for Kernel File Systems. 2020 IEEE Symposium on Security and Privacy (SP). :1643—1660.
Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races.In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.
2020-10-06
Ravikumar, Gelli, Hyder, Burhan, Govindarasu, Manimaran.  2019.  Efficient Modeling of HIL Multi-Grid System for Scalability Concurrency in CPS Security Testbed. 2019 North American Power Symposium (NAPS). :1—6.
Cyber-event-triggered power grid blackout compels utility operators to intensify cyber-aware and physics-constrained recovery and restoration process. Recently, coordinated cyber attacks on the Ukrainian grid witnessed such a cyber-event-triggered power system blackout. Various cyber-physical system (CPS) testbeds have attempted with multitude designs to analyze such interdependent events and evaluate remedy measures. However, resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and multi-grid isolated models (concurrency) under a single real-time execution environment for the hardware-in-the-loop (HIL) CPS security testbeds. This paper proposes a meticulous design and effective modeling for simulating large-scale grid models and multi-grid isolated models in a HIL realtime digital simulator environment integrated with industry-grade hardware and software systems. We have used our existing HIL CPS security testbed to demonstrate scalability by the realtime performance of a Texas-2000 bus US synthetic grid model and concurrency by the real-time performance of simultaneous ten IEEE-39 bus grid models and an IEEE-118 bus grid model. The experiments demonstrated significant results by 100% realtime performance with zero overruns, low latency while receiving and executing control signals from SEL Relays via IEC-61850 protocol and low latency while computing and transmitting grid data streams including stability measures via IEEE C37.118 synchrophasor data protocol to SEL Phasor Data Concentrators.
2020-02-10
Ashfaq, Qirat, Khan, Rimsha, Farooq, Sehrish.  2019.  A Comparative Analysis of Static Code Analysis Tools That Check Java Code Adherence to Java Coding Standards. 2019 2nd International Conference on Communication, Computing and Digital Systems (C-CODE). :98–103.

Java programming language is considered highly important due to its extensive use in the development of web, desktop as well as handheld devices applications. Implementing Java Coding standards on Java code has great importance as it creates consistency and as a result better development and maintenance. Finding bugs and standard's violations is important at an early stage of software development than at a later stage when the change becomes impossible or too expensive. In the paper, some tools and research work done on Coding Standard Analyzers is reviewed. These tools are categorized based on the type of rules they cheeked, namely: style, concurrency, exceptions, and quality, security, dependency and general methods of static code analysis. Finally, list of Java Coding Standards Enforcing Tools are analyzed against certain predefined parameters that are limited by the scope of research paper under study. This review will provide the basis for selecting a static code analysis tool that enforce International Java Coding Standards such as the Rule of Ten and the JPL Coding Standards. Such tools have great importance especially in the development of mission/safety critical system. This work can be very useful for developers in selecting a good tool for Java code analysis, according to their requirements.

2019-12-17
Li, Ming, Hawrylak, Peter, Hale, John.  2019.  Concurrency Strategies for Attack Graph Generation. 2019 2nd International Conference on Data Intelligence and Security (ICDIS). :174-179.

The network attack graph is a powerful tool for analyzing network security, but the generation of a large-scale graph is non-trivial. The main challenge is from the explosion of network state space, which greatly increases time and storage costs. In this paper, three parallel algorithms are proposed to generate scalable attack graphs. An OpenMP-based programming implementation is used to test their performance. Compared with the serial algorithm, the best performance from the proposed algorithms provides a 10X speedup.

2020-10-06
Ibrahim, Romani Farid.  2019.  Mobile Transaction Processing for a Distributed War Environment. 2019 14th International Conference on Computer Science Education (ICCSE). :856—862.

The battlefield environment differs from the natural environment in terms of irregular communications and the possibility of destroying communication and medical units by enemy forces. Information that can be collected in a war environment by soldiers is important information and must reach top-level commanders in time for timely decisions making. Also, ambulance staff in the battlefield need to enter the data of injured soldiers after the first aid, so that the information is available for the field hospital staff to prepare the needs for incoming injured soldiers.In this research, we propose two transaction techniques to handle these issues and use different concurrency control protocols, depending on the nature of the transaction and not a one concurrency control protocol for all types of transactions. Message transaction technique is used to collect valuable data from the battlefield by soldiers and allows top-level commanders to view it according to their permissions by logging into the system, to help them make timely decisions. In addition, use the capabilities of DBMS tools to organize data and generate reports, as well as for future analysis. Medical service unit transactional workflow technique is used to provides medical information to the medical authorities about the injured soldiers and their status, which helps them to prepare the required needs before the wounded soldiers arrive at the hospitals. Both techniques handle the disconnection problem during transaction processing.In our approach, the transaction consists of four phases, reading, editing, validation, and writing phases, and its processing is based on the optimistic concurrency control protocol, and the rules of actionability that describe how a transaction behaves if a value-change is occurred on one or more of its attributes during its processing time by other transactions.

Gupta, Priyanka, Garg, Gagan.  2019.  Handling concurrent requests in a secret sharing based storage system using Petri Nets. 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1—6.

Data can be stored securely in various storage servers. But in the case of a server failure, or data theft from a certain number of servers, the remaining data becomes inadequate for use. Data is stored securely using secret sharing schemes, so that data can be reconstructed even if some of the servers fail. But not much work has been carried out in the direction of updation of this data. This leads to the problem of updation when two or more concurrent requests arrive and thus, it results in inconsistency. Our work proposes a novel method to store data securely with concurrent update requests using Petri Nets, under the assumption that the number of nodes is very large and the requests for updates are very frequent.

2020-02-18
Gotsman, Alexey, Lefort, Anatole, Chockler, Gregory.  2019.  White-Box Atomic Multicast. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :176–187.

Atomic multicast is a communication primitive that delivers messages to multiple groups of processes according to some total order, with each group receiving the projection of the total order onto messages addressed to it. To be scalable, atomic multicast needs to be genuine, meaning that only the destination processes of a message should participate in ordering it. In this paper we propose a novel genuine atomic multicast protocol that in the absence of failures takes as low as 3 message delays to deliver a message when no other messages are multicast concurrently to its destination groups, and 5 message delays in the presence of concurrency. This improves the latencies of both the fault-tolerant version of classical Skeen's multicast protocol (6 or 12 message delays, depending on concurrency) and its recent improvement by Coelho et al. (4 or 8 message delays). To achieve such low latencies, we depart from the typical way of guaranteeing fault-tolerance by replicating each group with Paxos. Instead, we weave Paxos and Skeen's protocol together into a single coherent protocol, exploiting opportunities for white-box optimisations. We experimentally demonstrate that the superior theoretical characteristics of our protocol are reflected in practical performance pay-offs.

2020-10-06
André, Étienne, Lime, Didier, Ramparison, Mathias, Stoelinga, Mariëlle.  2019.  Parametric Analyses of Attack-Fault Trees. 2019 19th International Conference on Application of Concurrency to System Design (ACSD). :33—42.

Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e., absence of unintentional failures) and security (i. e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure.

Li, Yue.  2019.  Finding Concurrency Exploits on Smart Contracts. 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). :144—146.

Smart contracts have been widely used on Ethereum to enable business services across various application domains. However, they are prone to different forms of security attacks due to the dynamic and non-deterministic blockchain runtime environment. In this work, we highlighted a general miner-side type of exploit, called concurrency exploit, which attacks smart contracts via generating malicious transaction sequences. Moreover, we designed a systematic algorithm to automatically detect such exploits. In our preliminary evaluation, our approach managed to identify real vulnerabilities that cannot be detected by other tools in the literature.

Meng, Ruijie, Zhu, Biyun, Yun, Hao, Li, Haicheng, Cai, Yan, Yang, Zijiang.  2019.  CONVUL: An Effective Tool for Detecting Concurrency Vulnerabilities. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). :1154—1157.

Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.

Zaman, Tarannum Shaila, Han, Xue, Yu, Tingting.  2019.  SCMiner: Localizing System-Level Concurrency Faults from Large System Call Traces. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). :515—526.

Localizing concurrency faults that occur in production is hard because, (1) detailed field data, such as user input, file content and interleaving schedule, may not be available to developers to reproduce the failure; (2) it is often impractical to assume the availability of multiple failing executions to localize the faults using existing techniques; (3) it is challenging to search for buggy locations in an application given limited runtime data; and, (4) concurrency failures at the system level often involve multiple processes or event handlers (e.g., software signals), which can not be handled by existing tools for diagnosing intra-process(thread-level) failures. To address these problems, we present SCMiner, a practical online bug diagnosis tool to help developers understand how a system-level concurrency fault happens based on the logs collected by the default system audit tools. SCMiner achieves online bug diagnosis to obviate the need for offline bug reproduction. SCMiner does not require code instrumentation on the production system or rely on the assumption of the availability of multiple failing executions. Specifically, after the system call traces are collected, SCMiner uses data mining and statistical anomaly detection techniques to identify the failure-inducing system call sequences. It then maps each abnormal sequence to specific application functions. We have conducted an empirical study on 19 real-world benchmarks. The results show that SCMiner is both effective and efficient at localizing system-level concurrency faults.

Yousefzadeh, Saba, Basharkhah, Katayoon, Nosrati, Nooshin, Sadeghi, Rezgar, Raik, Jaan, Jenihhin, Maksim, Navabi, Zainalabedin.  2019.  An Accelerator-based Architecture Utilizing an Efficient Memory Link for Modern Computational Requirements. 2019 IEEE East-West Design Test Symposium (EWDTS). :1—6.

Hardware implementation of many of today's applications such as those in automotive, telecommunication, bio, and security, require heavy repeated computations, and concurrency in the execution of these computations. These requirements are not easily satisfied by existing embedded systems. This paper proposes an embedded system architecture that is enhanced by an array of accelerators, and a bussing system that enables concurrency in operation of accelerators. This architecture is statically configurable to configure it for performing a specific application. The embedded system architecture and architecture of the configurable accelerators are discussed in this paper. A case study examines an automotive application running on our proposed system.

2019-12-17
Guo, Shengjian, Wu, Meng, Wang, Chao.  2018.  Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. :377-388.
The timing characteristics of cache, a high-speed storage between the fast CPU and the slow memory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore cache all together or focus only on passive leaks generated by the program itself, without considering leaks that are made possible by concurrently running some other threads. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide if there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.
Liu, Daiping, Zhang, Mingwei, Wang, Haining.  2018.  A Robust and Efficient Defense Against Use-after-Free Exploits via Concurrent Pointer Sweeping. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1635-1648.
Applications in C/C++ are notoriously prone to memory corruptions. With significant research efforts devoted to this area of study, the security threats posed by previously popular vulnerabilities, such as stack and heap overflows, are not as serious as before. Instead, we have seen the meteoric rise of attacks exploiting use-after-free (UaF) vulnerabilities in recent years, which root in pointers pointing to freed memory (i.e., dangling pointers). Although various approaches have been proposed to harden software against UaF, none of them can achieve robustness and efficiency at the same time. In this paper, we present a novel defense called pSweeper to robustly protect against UaF exploits with low overhead, and pinpoint the root-causes of UaF vulnerabilities with one safe crash. The success of pSweeper lies in its two unique and innovative design ideas, concurrent pointer sweeping (CPW) and object origin tracking (OOT). CPW exploits the increasingly available multi-cores on modern PCs and outsources the heavyweight security checks and enforcement to dedicated threads that can run on spare cores. Specifically, CPW iteratively sweeps all live pointers in a concurrent thread to find dangling pointers. This design is quite different from previous work that requires to track every pointer propagation to maintain accurate point-to relationship between pointers and objects. OOT can help to pinpoint the root-causes of UaF by informing developers of how a dangling pointer is created, i.e., how the problematic object is allocated and freed. We implement a prototype of pSweeper and validate its efficacy in real scenarios. Our experimental results show that pSweeper is effective in defeating real-world UaF exploits and efficient when deployed in production runs.
2019-12-09
Correia, Andreia, Felber, Pascal, Ramalhete, Pedro.  2018.  Romulus: Efficient Algorithms for Persistent Transactional Memory. Proceedings of the 30th on Symposium on Parallelism in Algorithms and Architectures. :271–282.
Byte addressable persistent memory eliminates the need for serialization and deserialization of data, to and from persistent storage, allowing applications to interact with it through common store and load instructions. In the event of a process or system failure, applications rely on persistent techniques to provide consistent storage of data in non-volatile memory (NVM). For most of these techniques, consistency is ensured through logging of updates, with consequent intensive cache line flushing and persistent fences necessary to guarantee correctness. Undo log based approaches require store interposition and persistence fences before each in-place modification. Redo log based techniques can execute transactions using just two persistence fences, although they require store and load interposition which may incur a performance penalty for large transactions. So far, these techniques have been difficult to integrate with known memory allocators, requiring allocators or garbage collectors specifically designed for NVM. We present Romulus, a user-level library persistent transactional memory (PTM) which provides durable transactions through the usage of twin copies of the data. A transaction in Romulus requires at most four persistence fences, regardless of the transaction size. Romulus uses only store interposition. Any sequential implementation of a memory allocator can be adapted to work with Romulus. Thanks to its lightweight design and low synchronization overhead, Romulus achieves twice the throughput of current state of the art PTMs in update-only workloads, and more than one order of magnitude in read-mostly scenarios.
2019-09-09
Connell, Warren, Pham, Luan Huy, Philip, Samuel.  2018.  Analysis of Concurrent Moving Target Defenses. Proceedings of the 5th ACM Workshop on Moving Target Defense. :21–30.

While Moving Target Defenses (MTDs) have been increasingly recognized as a promising direction for cyber security, quantifying the effects of MTDs remains mostly an open problem. Each MTD has its own set of advantages and disadvantages. No single MTD provides an effective defense against the entire range of possible threats. One of the challenges facing MTD quantification efforts is predicting the cumulative effect of implementing multiple MTDs. We present a scenario where two MTDs are deployed in an experimental testbed created to model a realistic use case. This is followed by a probabilistic analysis of the effectiveness of both MTDs against a multi-step attack, along with the MTDs' impact on availability to legitimate users. Our work is essential to providing decision makers with the knowledge to make informed choices regarding cyber defense.

2019-07-01
Liu, Changming, Zou, Deqing, Luo, Peng, Zhu, Bin B., Jin, Hai.  2018.  A Heuristic Framework to Detect Concurrency Vulnerabilities. Proceedings of the 34th Annual Computer Security Applications Conference. :529-541.

With a growing demand of concurrent software to exploit multi-core hardware capability, concurrency vulnerabilities have become an inevitable threat to the security of today's IT industry. Existing concurrent program detection schemes focus mainly on detecting concurrency errors such as data races, atomicity violation, etc., with little attention paid to detect concurrency vulnerabilities that may be exploited to infringe security. In this paper, we propose a heuristic framework that combines both static analysis and fuzz testing to detect targeted concurrency vulnerabilities such as concurrency buffer overflow, double free, and use-after-free. The static analysis locates sensitive concurrent operations in a concurrent program, categorizes each finding into a potential type of concurrency vulnerability, and determines the execution order of the sensitive operations in each finding that would trigger the suspected concurrency vulnerability. The results are then plugged into the fuzzer with the execution order fixed by the static analysis in order to trigger the suspected concurrency vulnerabilities. In order to introduce more variance which increases possibility that the concurrency errors can be triggered, we also propose manipulation of thread scheduling priority to enable a fuzzer such as AFL to effectively explore thread interleavings in testing a concurrent program. To the best of our knowledge, this is the first fuzzer that is capable of effectively exploring concurrency errors. In evaluating the proposed heuristic framework with a benchmark suit of six real-world concurrent C programs, the framework detected two concurrency vulnerabilities for the proposed concurrency vulnerability detection, both being confirmed to be true positives, and produced three new crashes for the proposed interleaving exploring fuzzer that existing fuzzers could not produce. These results demonstrate the power and effectiveness of the proposed heuristic framework in detecting concurrency errors and vulnerabilities.

2019-03-22
Lu, Wen-jie, Sakuma, Jun.  2018.  More Practical Privacy-Preserving Machine Learning As A Service via Efficient Secure Matrix Multiplication. Proceedings of the 6th Workshop on Encrypted Computing & Applied Homomorphic Cryptography. :25-36.

An efficient secure two-party computation protocol of matrix multiplication allows privacy-preserving cloud-aid machine learning services such as face recognition and traffic-aware navigation. We use homomorphic encryption to construct a secure matrix multiplication protocol with a small communication overhead and computation overhead on the client's side, which works particularly well when a large number of clients access to the server simultaneously. The fastest secure matrix multiplication protocols have been constructed using tools such as oblivious transfer, but a potential limitation of these methods is the needs of using a wide network bandwidth between the client and the server, e.g., 10\textasciitildeGbps. This is of particular concern when thousands of clients interact with the server concurrently. Under this setting, the performance oblivious transfer-based methods will decrease significantly, since the server can only allocate a small ratio of its outgoing bandwidth for each client. With three proposed optimizations, our matrix multiplication protocol can run very fast even under the high concurrent setting. Our benchmarks show that it takes an Amazon instance (i.e., 72 CPUs and 25 Gbps outgoing bandwidth) less than 50 seconds to complete 1000 concurrent secure matrix multiplications with \$128\textbackslashtimes 128\$ entries. In addition, our method reduces more than \$74% - 97%\$ of the precomputation time of two privacy-preserving machine learning frameworks, SecureML (S&P'17) and MiniONN (CCS'17).